The present application relates to computer technology, and more specifically, to testing the security of a computer program product.
Nowadays, businesses maintain an online presence to conduct commerce and business operations using the Internet. These businesses have to maintain one or more secure web pages to ensure the integrity of online data and to continue to function properly on the Internet. Consequently, web page security is validated regularly. Manual penetration testing is one technique of security validation. In manual penetration testing, an attack from a malicious source is simulated on a web page. An attack typically includes inserting malicious code into communications with the web page. A user may then manually analyze the web site for vulnerabilities that the attack has exposed.
However, web pages can be quite large and extensive, and thus vulnerabilities can be missed during manual analysis. Additionally, web site administrators may be unaware of applications residing on one or more web pages, and vulnerabilities related to those applications may be missed. Further, a process, such as creating accounts, generating quotations, or other such activities, can be difficult to test because it involves sequential operations that depend on the specifics of the process. Source code may also not be fully covered by a manual attack, allowing more vulnerabilities to be missed.